RE: mitigating the lack of a firewall

From: Phil Cox (Phil.Coxat_private)
Date: Tue Feb 15 2000 - 12:19:59 PST


    > As to IIS4.0 and NT, well, locking up such a system can be quite a chore,
    > and some might argue a chore of impossibility.  A look at the BugtraQ
    > archives on NT and IIS4.0 might make ya a tad queasy.  I personally feel
    > NT is not up to the same tasking as uni* systems tend to be.
    
    > > Suppose an Internet site does not have a firewall.  Can a securely
    > > configured IIS 4.0 server running under securely configured NT 4.0
    > > protect the site from unauthorized access and denial of service attacks?
    
    Yes, it can be done. What really matters is the type of content you are serving up with it; that is where it might break. The reason that IIS/NT gets such a bad rap is that they are just plunked out on the net for all to have at. Many a Unix box would fall to exploit under these conditions as well. Take a look at the following 2 URLs for a starting point:
    
    IIS Checklist
    http://www.microsoft.com/technet/security/iischk.asp
    
    Building a Windows NT bastion host in practice v1.3 
    http://people.hp.se/stnor/
    
    Phil
    


